An information leak issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating Identification protocol and crafted/malformed messages are sent making it return uninitialized variables. A user/process could use this flaw to read uninitialised stack memory contents from the QEMU process resulting in information leakage. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html Reference: ---------- -> https://www.openwall.com/lists/oss-security/2019/03/18/1
Acknowledgments: Name: William Bowling
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1689794]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1650 https://access.redhat.com/errata/RHSA-2019:1650
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9824
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2078 https://access.redhat.com/errata/RHSA-2019:2078
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 13.0 (Queens) Red Hat OpenStack Platform 14.0 (Rocky) Via RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2425
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Red Hat Virtualization Engine 4.3 Via RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:2553
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3345 https://access.redhat.com/errata/RHSA-2019:3345